Visual based malicious activity detection
US-9256748-B1 · Feb 9, 2016 · US
US9703962B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9703962-B2 |
| Application number | US-201414510772-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 9, 2014 |
| Priority date | Oct 9, 2014 |
| Publication date | Jul 11, 2017 |
| Grant date | Jul 11, 2017 |
Official abstract text for this publication.
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may generate user-persona information that characterizes the user based on that user's activities, preferences, age, occupation, habits, moods, emotional states, personality, device usage patterns, etc. The processor may use the user-persona information to dynamically determine the number of device features that are monitored or evaluated in the computing device, to identify the device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user, and to better identify or respond to non-benign behaviors of the computing device.
Opening claim text (preview).
What is claimed is:

1. A method of analyzing a device behavior in a computing device, comprising: monitoring, by a processor of the computing device, activities of a software application operating on the computing device to generate user-persona information that characterizes a user of the computing device, the generated user-persona information including information that characterizes the user's mood; using the generated user-persona information to select two or more device features; monitoring the selected two or more device features to collect behavior information; determining whether the user's mood is relevant to analyzing the behavior information collected by monitoring the selected two or more device features; and generating a classifier model that includes a plurality of one-level decision trees that each evaluate a device feature in relation to the user's mood in response to determining that the user's mood is relevant to analyzing the behavior information collected by monitoring the selected two or more device features; generating a behavior vector that correlates the behavior information for which the user's mood is relevant to the user's mood at the time the behavior information was collected; applying the generated behavior vector to the classifier model to generate an analysis result; and using the generated analysis result to determine whether the device behavior is non-benign.

2. The method of claim 1, wherein using the generated user-persona information to select the two or more device features comprises: selecting the two or more device features so as to balance tradeoffs between performance and security.

3. The method of claim 1, wherein using the generated user-persona information to select the two or more device features comprises: selecting the two or more device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user.

4. The method of claim 1, wherein generating the classifier model that includes the plurality of one-level decision trees that each evaluate a device feature in relation to the user's mood comprises generating a user-specific classifier model that evaluates the selected two or more device features, and wherein applying the generated behavior vector to the classifier model to generate the analysis result comprises applying the generated behavior vector to the user-specific classifier model to generate the analysis result.

5. The method of claim 4, wherein generating the user-specific classifier model comprises: receiving a full classifier model that includes a plurality of test conditions; identifying test conditions in the plurality of test conditions that evaluate the determined device features; and generating the user-specific classifier model to include identified test conditions; wherein applying the generated behavior vector to the user-specific classifier model comprises: applying the generated behavior vector to the user-specific classifier model so as to evaluate each test condition included in the user-specific classifier model; and computing a weighted average of each result of evaluating test conditions in the user-specific classifier model; and wherein using the generated analysis result to determine whether the device behavior is non-benign comprises determining whether the device behavior is non-benign based on the computed weighted average.

6. The method of claim 1, wherein monitoring the activities of the software application operating on the computing device to generate the user-persona information that characterizes the user of the computing device further comprises monitoring a user-interaction between the user and the software application.

7. A computing device, comprising: a processor configured with processor-executable instructions to perform operations comprising: monitoring activities of a software application operating on the computing device to generate user-persona information that characterizes a user of the computing device, the generated user-persona information including information that characterizes the user's mood; using the generated user-persona information to select two or more device features; monitoring the selected two or more device features to collect behavior information; determining whether the user's mood is relevant to analyzing the behavior information collected by monitoring the selected two or more device features; and generating a classifier model that includes a plurality of one-level decision trees that each evaluate a device feature in relation to the user's mood in response to determining that the user's mood is relevant to analyzing the behavior information collected by monitoring the selected two or more device features; generating a behavior vector that correlates the behavior information for which the user's mood is relevant to the user's mood at the time the behavior information was collected; applying the generated behavior vector to the classifier model to generate an analysis result; and using the generated analysis result to determine whether a device behavior is non-benign.

8. The computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations such that using the generated user-persona information to select the two or more device features comprises: selecting the two or more device features so as to balance tradeoffs between performance and security.

9. The computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations such that using the generated user-persona information to select the two or more device features comprises: selecting the two or more device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user.

10. The computing device of claim 7, wherein: the processor is configured with processor-executable instructions to perform operations such that generating the classifier model that includes the plurality of one-level decision trees that each evaluate a device feature in relation to the user's mood comprises generating a user-specific classifier model that evaluates the selected two or more device features; and the processor is configured with processor-executable instructions to perform operations such that applying the generated behavior vector to the classifier model generate the analysis result comprises applying the generated behavior vector to the user-specific classifier model to generate the analysis result.

11. The computing device of claim 10, wherein the processor is configured with processor-executable instructions to perform operations such that generating the user-specific classifier model comprises: receiving a full classifier model that includes a plurality of test conditions; identifying test conditions in the plurality of test conditions that evaluate the determined device features; and generating the user-specific classifier model to include identified test conditions; wherein the processor is configured with processor-executable instructions to perform operations such that applying the generated behavior vector to the user-specific classifier model to determine whether the device behavior is non-benign comprises: applying the generated behavior vector to the user-specific classifier model so as to evaluate each test condition included in the user-specific classifier model; and computing a weighted average of each result of evaluating test conditions in the user-specific cl
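
The classification flow recited in claims 1 and 5, sketched as an added example (not code from the patent or its assignee): a full model of one-level decision trees is culled to the persona-selected features, each tree tests its feature against a mood-dependent threshold, and the weighted average of the results decides the verdict. The feature names, mood labels, thresholds, weights and the 0.5 cutoff are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Stump:
    """One-level decision tree: one feature, a threshold per mood, one weight."""
    feature: str
    thresholds: dict  # mood -> threshold; "default" covers unlisted moods
    weight: float

    def evaluate(self, vector):
        # The behavior vector carries the mood observed at collection time,
        # so the same feature value can be judged differently per mood.
        limit = self.thresholds.get(vector["mood"], self.thresholds["default"])
        return 1.0 if vector[self.feature] > limit else 0.0  # 1.0 = suspicious

# Constructed "full classifier model"; every name and number is hypothetical.
FULL_MODEL = [
    Stump("sms_sent_per_hour", {"default": 20, "excited": 40}, 0.9),
    Stump("camera_use_while_locked", {"default": 0}, 0.8),
    Stump("net_bytes_out_kb", {"default": 500, "bored": 2000}, 0.6),
    Stump("location_reads_per_hour", {"default": 30}, 0.4),
]

def cull(full_model, selected_features):
    """Keep only the test conditions that evaluate the selected features."""
    return [s for s in full_model if s.feature in selected_features]

def score(model, vector):
    """Weighted average of each stump result in the user-specific model."""
    if not model:
        raise ValueError("user-specific model has no test conditions")
    total = sum(s.weight for s in model)
    return sum(s.weight * s.evaluate(vector) for s in model) / total

def is_non_benign(model, vector, cutoff=0.5):
    """Verdict from the weighted average; the cutoff is an assumed value."""
    return score(model, vector) > cutoff

if __name__ == "__main__":
    lean = cull(FULL_MODEL, {"sms_sent_per_hour", "net_bytes_out_kb"})
    calm = {"mood": "calm", "sms_sent_per_hour": 35, "net_bytes_out_kb": 300}
    excited = dict(calm, mood="excited")  # same activity, different mood
    for v in (calm, excited):
        print(v["mood"], round(score(lean, v), 2), is_non_benign(lean, v))
```

The two sample vectors carry identical activity counts; only the recorded mood differs, which is enough to move the SMS stump across its threshold and flip the verdict.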
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
where the computing system component is a central processing unit [CPU] · CPC title
Traffic logging, e.g. anomaly detection · CPC title